An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via the 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel, resulting in DoS, or to potentially escalate privileges on the system.
Find out more about CVE-2018-1000199 from the MITRE CVE dictionary and NIST NVD.
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.
This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.
CVSS3 Base Score | 7.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | Low |
User Interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |

Platform | Errata | Release Date |
---|---|---|
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:1354 | 2018-05-08 |
Red Hat Enterprise Linux 7 (kernel-alt) | RHSA-2018:1374 | 2018-05-14 |
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:1355 | 2018-05-08 |
Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:1345 | 2018-05-08 |
Red Hat Enterprise Linux Server TUS (v. 7.2) (kernel) | RHSA-2018:1347 | 2018-05-08 |
Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (kernel) | RHSA-2018:1347 | 2018-05-08 |
Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) | RHSA-2018:1348 | 2018-05-08 |
Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1318 | 2018-05-08 |
Red Hat Enterprise Linux Advanced Update Support 7.2 (kernel) | RHSA-2018:1347 | 2018-05-08 |

Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | kernel | Not affected |
Red Hat Enterprise Linux 5 | kernel | Not affected |

To mitigate this issue:
1) Save the following script in a 'CVE-2018-1000199.stp' file.
---
/* Debug registers 0-3 hold breakpoint addresses; redirect writes to them. */
probe kernel.function("ptrace_set_debugreg") {
        if ($n < 4)
                $n = 4; /* set invalid debug register #, returns -EIO */
}
probe begin {
        printk(0, "CVE-2018-1000199 mitigation loaded")
}
probe end {
        printk(0, "CVE-2018-1000199 mitigation unloaded")
}
---
2) Install the systemtap package and its dependencies.
# yum install -y systemtap systemtap-runtime
# yum install -y kernel-devel kernel-debuginfo kernel-debuginfo-common
3) Build the mitigation kernel module as root.
# stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4
4) Load the mitigation module as root.
# staprun -L cve_2018_1000199.ko
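
A check that the module from step 4 is actually in place, as an added example that is not part of the original advisory. It assumes the module is listed in /proc/modules as cve_2018_1000199 and that the script's printk messages reach the kernel log; the function name and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the state of the SystemTap mitigation described above.
MOD=cve_2018_1000199               # module name from the build step (assumed as listed)
TAG='CVE-2018-1000199 mitigation'  # prefix of the script's printk messages

# mitigation_state MODULES_FILE KLOG_FILE
# Prints one of: active | loaded-unconfirmed | unloaded | absent
mitigation_state() {
    loaded=0
    # /proc/modules format: the first field of each line is the module name.
    if awk -v m="$MOD" '$1 == m { f = 1 } END { exit !f }' "$1"; then
        loaded=1
    fi
    # The most recent begin/end probe message records the last load event.
    last=$(grep -F "$TAG" "$2" 2>/dev/null | tail -n 1 || true)
    case "$last" in
        *"$TAG loaded"*)   event=loaded ;;
        *"$TAG unloaded"*) event=unloaded ;;
        *)                 event=none ;;
    esac
    if [ "$loaded" -eq 1 ] && [ "$event" = loaded ]; then
        echo active
    elif [ "$loaded" -eq 1 ]; then
        echo loaded-unconfirmed   # module present, begin message missing or stale
    elif [ "$event" = none ]; then
        echo absent               # no trace of the mitigation in this log
    else
        echo unloaded             # was loaded earlier, no longer present
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' \
    'cve_2018_1000199 16384 0 - Live 0xffffffffc0a10000 (OE)' \
    'xfs 1003520 2 - Live 0xffffffffc0800000' > "$SAMPLE_DIR/modules.on"
printf '%s\n' 'xfs 1003520 2 - Live 0xffffffffc0800000' > "$SAMPLE_DIR/modules.off"
printf '%s\n' \
    '[  812.104] CVE-2018-1000199 mitigation loaded' > "$SAMPLE_DIR/klog.on"
printf '%s\n' \
    '[  812.104] CVE-2018-1000199 mitigation loaded' \
    '[ 1440.551] CVE-2018-1000199 mitigation unloaded' > "$SAMPLE_DIR/klog.off"

mitigation_state "$SAMPLE_DIR/modules.on"  "$SAMPLE_DIR/klog.on"    # active
mitigation_state "$SAMPLE_DIR/modules.off" "$SAMPLE_DIR/klog.off"   # unloaded

# Live use (as root): dmesg > /tmp/klog; mitigation_state /proc/modules /tmp/klog
```

A module loaded with staprun is not reloaded at boot, and it is built for the kernel named by `uname -r`, so steps 3 and 4 have to be repeated after a reboot or kernel change for as long as the mitigation is relied on.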